On 29/11/16 04:37, Jonas Wagner wrote:
> I'd like to ask a question about how MAAS uses iSCSI. Apparently, the
> MAAS region controller exposes iSCSI targets for supported Ubuntu
> images. These are flagged as vulnerable by the Nessus scanner running
> at our university.
>
> I've described this in more detail here:
> https://askubuntu.com/questions/847854/maas-disable-iscsi-or-require-authentication
>
> I would be curious as to how MAAS uses these iSCSI targets. Is it
> possible to make them available to the internal network only (where
> the MAAS-managed cluster is) rather than the region controller's
> external interface? Would MAAS break if we close the corresponding
> ports in our firewall?

I believe these are currently read-only boot volumes for ephemeral (i.e.
ramdisk) Ubuntu used for enlistment and commissioning, as well as the OS
installer during deployment. They should only need to be accessed by
machines being enlisted, commissioned and deployed, so yes, it should be
fine (and sensible) to screen them off.

Mark
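
One way to check on the region controller whether the iSCSI targets are bound beyond the internal network, as an added example that is not part of the original thread or MAAS's own code: it parses `ss -H -ltn` output and reports iSCSI listeners outside the internal subnet. The default iSCSI port 3260, the subnet 10.0.0.0/24 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

ISCSI_PORT = "3260"  # default iSCSI target port (assumed unchanged on this host)

# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3260 0.0.0.0:*
LISTEN 0 128 [::]:3260 [::]:*
LISTEN 0 128 10.0.0.2:3260 0.0.0.0:*
LISTEN 0 128 192.0.2.10:3260 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3260 0.0.0.0:*
"""


def exposed_iscsi_listeners(ss_output, internal_cidr):
    """Return local address:port of iSCSI listeners not confined to internal_cidr.

    A wildcard bind (0.0.0.0, [::] or *) is reported because it is reachable
    on every interface unless a firewall screens it off.
    """
    internal = ipaddress.ip_network(internal_cidr)
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        host, _, port = local.rpartition(":")
        if port != ISCSI_PORT:
            continue
        # Drop a %iface scope suffix first, then IPv6 brackets.
        host = host.split("%")[0].strip("[]")
        if host == "*":
            exposed.append(local)
            continue
        addr = ipaddress.ip_address(host)
        # Loopback and internal-subnet binds are not externally reachable.
        if addr.is_loopback or addr in internal:
            continue
        exposed.append(local)
    return exposed


if __name__ == "__main__":
    for listener in exposed_iscsi_listeners(SAMPLE_SS, "10.0.0.0/24"):
        print("iSCSI listener outside internal network:", listener)
```

A reported wildcard listener still needs the firewall rule discussed above; an empty result only shows that nothing is bound outside the internal subnet.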


-- 
Maas-devel mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/maas-devel
